Privacy Policy

1. Introduction

SkinVault ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Information from Steam

When you authenticate through Steam, we collect:

• Steam ID (SteamID64)
• Steam profile name
• Steam avatar image
• Public inventory data (skins, items)
• Public game statistics (if profile is public)

Note: We only access publicly available information from your Steam profile. We do not access private inventory or profile data.

2.2 Information from Discord (Optional)

When you connect your Discord account (optional), we collect:

• Discord ID (unique identifier)
• Discord username (including discriminator if applicable)
• Discord avatar image
• Discord OAuth access token and refresh token (for sending direct messages)
• Token expiration timestamp
• Connection timestamp

Note: Discord tokens are stored securely and expire automatically. You can disconnect your Discord account at any time, which will remove all stored Discord data and active price trackers.

2.3 Information You Provide

• Wishlist items (stored locally in your browser and optionally synced to server)
• Currency preferences (EUR/USD, stored in browser localStorage)
• Price alert/tracker settings (target prices, conditions, stored in Vercel KV database)
• Contact form submissions (name, email, message, images)
• Payment information (processed securely through Stripe - we do not store credit card details)
• Compare list items (stored locally in browser)

2.4 Automatically Collected Information

• First login timestamp (for free trial eligibility, stored in Vercel KV)
• Pro subscription status and expiration dates (stored in Vercel KV)
• Claimed free month status (stored in Vercel KV)
• Price alert trigger history (stored in Vercel KV)
• Browser type and device information
• IP address (for security and analytics)
• Usage data (pages visited, features used, commands executed)
• Price cache data (stored locally in browser for performance)
• Dataset cache (item information, stored locally in browser)

3. How We Use Your Information

We use the collected information for:

• Providing and maintaining the Service
• Displaying your inventory and statistics
• Processing Pro subscription payments
• Managing your account and preferences
• Sending service-related communications
• Responding to your contact form submissions
• Improving and optimizing the Service
• Detecting and preventing fraud or abuse
• Complying with legal obligations

4. Data Storage and Security

4.1 Storage Locations

• Browser LocalStorage:
  • Wishlist items (key: sv_wishlist_v1)
  • Currency preferences (key: sv_currency)
  • User session data (key: steam_user)
  • Price cache (key: sv_price_cache_v1)
  • Dataset cache (key: sv_dataset_cache_v1)
  • Compare list (key: sv_compare_list)
• Vercel KV Database:
  • Pro subscription data (key: pro_users)
  • First login timestamps (key: first_logins)
  • Claimed free month flags (key: claimed_free_month)
  • Discord connections (key: discord_connections) - includes Discord ID, username, avatar, OAuth tokens
  • Price alerts/trackers (key: price_alerts) - includes target prices, conditions, trigger status
  • Discord DM queue (key: discord_dm_queue) - temporary queue for bot messages
• Stripe: Payment information (we do not store credit card details on our servers)

4.2 Security Measures

We implement appropriate technical and organizational measures to protect your data:

• HTTPS encryption for all data transmission
• Secure authentication through Steam OpenID
• Encrypted database storage (Vercel KV)
• Regular security updates and monitoring
• Access controls and authentication for admin functions

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

• Steam: For authentication and accessing your public profile data, inventory, and statistics
• Discord: For sending price alert notifications via direct messages and enabling bot commands (subject to Discord's privacy policy)
• Stripe: For payment processing (subject to Stripe's privacy policy)
• Vercel: For hosting and data storage via Vercel KV (subject to Vercel's privacy policy)
• Email Service Providers: For sending contact form emails (Resend, SMTP providers)
• Proxy Services: ScraperAPI, ZenRows, ScrapingAnt for accessing Steam Community Market data
• steamid.io: For resolving Steam usernames to Steam64 IDs
• CORS Proxy Services: corsproxy.io, api.allorigins.win for accessing external APIs

We may also disclose information if required by law or to protect our rights and safety.

6. Cookies and Local Storage

We use browser localStorage (not cookies) to store:

• Your Steam authentication session (Steam ID, profile name, avatar)
• Wishlist items (optionally synced to server for cross-device access)
• Currency preferences (EUR/USD)
• Price cache data (cached market prices for performance - Free: 30 min, Pro: 2 hours)
• Dataset cache (item information from CS:GO API - cached for 12-24 hours)
• Compare list (items selected for comparison, max 2 items)

This data is stored locally in your browser and is not transmitted to our servers except when necessary for the Service to function (e.g., wishlist sync, price alerts). You can clear this data at any time by clearing your browser's localStorage.

7. Third-Party Services

Our Service integrates with third-party services that have their own privacy policies:

• Steam: Steam Privacy Policy
• Discord: Discord Privacy Policy
• Stripe: Stripe Privacy Policy
• Vercel: Vercel Privacy Policy
• Proxy Services: ScraperAPI, ZenRows, ScrapingAnt (each has their own privacy policies)

8. Your Rights and Choices

You have the right to:

• Access: Request information about data we hold about you
• Correction: Update or correct your information
• Deletion: Request deletion of your data (subject to legal requirements)
• Withdrawal: Withdraw consent for data processing
• Portability: Request a copy of your data in a portable format

To exercise these rights, contact us through our Contact Page.

9. Data Retention

We retain your data for as long as necessary to provide the Service:

• Account Data: Retained while your account is active
• Pro Subscription Data: Retained for the duration of your subscription and for legal/accounting purposes
• Discord Connection Data: Retained until you disconnect your Discord account or tokens expire. Expired tokens are automatically removed.
• Price Alert Data: Retained until you delete the alert or disconnect your Discord account
• Contact Form Data: Retained for customer support purposes
• LocalStorage Data: Stored in your browser until you clear it. Wishlist data may be synced to server for cross-device access.
• Discord DM Queue: Temporary queue cleared after messages are sent by the bot

You can delete your local data at any time by clearing your browser's localStorage. You can disconnect your Discord account at any time, which will remove all Discord-related data and price trackers. To request deletion of server-stored data, contact us through our Contact Page.

10. Children's Privacy

Our Service is not intended for users under the age of 13. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using the Service, you consent to the transfer of your information to these countries.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us through our Contact Page.

14. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to be informed about data collection
• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

To exercise these rights, contact us through our Contact Page.